more tags update
parent
1712727d95
commit
8601b2167d
|
@ -4,6 +4,7 @@ info:
|
|||
author: puzzlepeaches
|
||||
name: "Amazon MWS Auth Token"
|
||||
severity: medium
|
||||
tags: token,aws
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: AWS Access Key ID Value
|
||||
author: Swissky
|
||||
severity: info
|
||||
tags: token,aws
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -15,6 +15,7 @@ info:
|
|||
author: Sy3Omda
|
||||
severity: info
|
||||
description: Look for multiple keys/tokens/passwords in the page response.
|
||||
tags: token
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,11 +4,7 @@ info:
|
|||
name: Generic Tokens
|
||||
author: nadino
|
||||
severity: info
|
||||
|
||||
# Notes:-
|
||||
# This template requires manual inspection once found valid match.
|
||||
# Generic token could be anything matching below regex.
|
||||
# Impact of leaked token depends on validation of leaked token.
|
||||
tags: token
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,14 +1,10 @@
|
|||
id: http-username-password
|
||||
|
||||
# Extract something like https://username:password@vulnerable.com
|
||||
|
||||
info:
|
||||
name: Http usernamme password
|
||||
author: nadino
|
||||
severity: info
|
||||
|
||||
# Notes:-
|
||||
# This template requires manual inspection once found valid match.
|
||||
tags: token
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,9 +4,8 @@ info:
|
|||
name: FCM Server Key
|
||||
author: Abss (@absshax)
|
||||
severity: high
|
||||
|
||||
# Reference:- https://abss.me/posts/fcm-takeover
|
||||
# FCM Project Credentials
|
||||
tags: token,google
|
||||
reference: https://abss.me/posts/fcm-takeover
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -3,7 +3,8 @@ id: google-api-key
|
|||
info:
|
||||
name: Google API Key
|
||||
author: Swissky
|
||||
severity: low
|
||||
severity: info
|
||||
tags: token,google
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Mailchimp API Value
|
||||
author: puzzlepeaches
|
||||
severity: medium
|
||||
tags: token,mailchimp
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -7,6 +7,7 @@ info:
|
|||
name: Slack access token
|
||||
author: nadino
|
||||
severity: medium
|
||||
tags: token,slack
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,10 +5,9 @@ info:
|
|||
author: 0xrudra & manuelbua
|
||||
severity: info
|
||||
tags: api
|
||||
|
||||
# References:
|
||||
# - https://github.com/dwisiswant0/wadl-dumper
|
||||
# - https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/
|
||||
reference: |
|
||||
- https://github.com/dwisiswant0/wadl-dumper
|
||||
- https://www.nopsec.com/leveraging-exposed-wadl-xml-in-burp-suite/
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,9 +5,7 @@ info:
|
|||
author: jarijaas
|
||||
severity: info
|
||||
tags: api
|
||||
|
||||
# This detects web services that have WSDL (https://www.w3.org/TR/wsdl/)
|
||||
# For instance, SOAP services, such as: https://docs.microsoft.com/en-us/xamarin/xamarin-forms/data-cloud/web-services/asmx
|
||||
description: Detects web services that have WSDL (https://www.w3.org/TR/wsdl/)
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: dhiyaneshDK
|
||||
severity: low
|
||||
reference: https://hackerone.com/reports/1026196
|
||||
tags: config
|
||||
|
||||
requests:
|
||||
- method: GET
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: Detect Private SSH and TLS Keys
|
||||
author: geeknik
|
||||
severity: high
|
||||
tags: config
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
|
@ -4,8 +4,8 @@ info:
|
|||
name: X Prober server information leakage
|
||||
author: pdteam
|
||||
severity: low
|
||||
|
||||
# Source:- https://twitter.com/bugbounty_tips/status/1339984643517423616
|
||||
tags: config
|
||||
reference: https://twitter.com/bugbounty_tips/status/1339984643517423616
|
||||
|
||||
requests:
|
||||
- method: GET
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: oppsec
|
||||
severity: info
|
||||
description: Bower is a package manager which stores packages informations in bower.json file
|
||||
tags: file
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
author: gevakun
|
||||
severity: low
|
||||
reference: https://twitter.com/Wh11teW0lf/status/1295594085445709824
|
||||
tags: file
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Drupal Install
|
||||
author: NkxxkN
|
||||
severity: low
|
||||
tags: file
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Directory Listing via DS_Store
|
||||
author: 0w4ys
|
||||
severity: info
|
||||
tags: file
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,8 +4,8 @@ info:
|
|||
name: Exposed Spring Data REST Application-Level Profile Semantics (ALPS)
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
|
||||
# https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/
|
||||
tags: file
|
||||
reference: https://niemand.com.ar/2021/01/08/exploiting-application-level-profile-semantics-apls-from-spring-data-rest/
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: Filezilla
|
||||
author: amsda
|
||||
severity: medium
|
||||
tags: file
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
|
|
|
@ -3,6 +3,7 @@ info:
|
|||
name: Keycloak Json File
|
||||
author: oppsec
|
||||
severity: info
|
||||
tags: file
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,6 +4,7 @@ info:
|
|||
name: Lazy File Manager
|
||||
author: amsda
|
||||
severity: medium
|
||||
tags: file
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,6 +5,7 @@ info:
|
|||
author: oppsec
|
||||
severity: info
|
||||
description: yarn.lock is a file which store all exactly versions of each dependency were installed.
|
||||
tags: file
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: elmah.axd Disclosure
|
||||
author: shine
|
||||
severity: medium
|
||||
tags: logs
|
||||
tags: log
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -3,7 +3,7 @@ info:
|
|||
name: common error log files
|
||||
author: geeknik & daffainfo
|
||||
severity: low
|
||||
tags: logs
|
||||
tags: log
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Laravel log file publicly accessible
|
||||
author: sheikhrishad
|
||||
severity: low
|
||||
tags: laravel,logs
|
||||
tags: laravel,log
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Publicly accessible NPM Log file
|
||||
author: sheikhrishad
|
||||
severity: low
|
||||
tags: npm,logs
|
||||
tags: npm,log
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Rails Debug Mode Enabled
|
||||
author: pd-team
|
||||
severity: medium
|
||||
tags: logs,rails
|
||||
tags: log,rails
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: Apache Struts setup in Debug-Mode
|
||||
author: pd-team
|
||||
severity: low
|
||||
tags: logs,struts,apache
|
||||
tags: log,struts,apache
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: dhiyaneshDK
|
||||
severity: low
|
||||
reference: https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/
|
||||
tags: logs,asp
|
||||
tags: log,asp
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
Loading…
Reference in New Issue